Interim Global Head of Cyber Risk & Compliance
Job Title: Interim Global Head of Cyber Risk & Compliance
TR Ref: 13495
Location: London, although mostly working from home
Contract Duration: 6 months (possibly leading to perm staff appointment thereafter)
This is a fantastic opportunity for an IT Risk, Compliance and Governance Leader to set up a new function for a large (multi £bn) global organization, which delivers a diverse range of software and data solutions.
Reporting to the Group CIO, you will build and lead a team of IT risk and compliance specialists (c. 6-12 FTE), who will design and embed the processes and controls required to support defined frameworks (which you will also own) to identify, assess and manage IT risks across the group and ensure adherence to the relevant regulatory standards.
You will be working closely with the CISO and Group Head of Enterprise Risk, along with the wider IT community, to champion IT Risk and Compliance. This will include leading and owning the IT Risk Committee, chairing a policy review board and other tech governance bodies including our client’s Technology Standards board.
Skills & Experience needed to be effective in this role:
- At least 3 years' experience leading globally dispersed IT Risk and Compliance teams, ideally within a highly matrixed organisation.
- Extensive experience designing and implementing IT Controls (frameworks and processes) and setting up IT Audit and Technology Risk Management functions.
- Skilled in quantifying and reporting IT controls and security risks, including compliance and risk metrics.
- Broad technical expertise covering cyber security, corporate governance, and regulatory risk and change.
- Knowledge of relevant regulatory and statutory requirements (ISO 27001, GDPR, NIST, etc.) and technical risk and control matters.
- Able to plan and guide audits and assessments initiated by auditors (internal and external) and liaise with both auditors and auditees on audit planning, execution and the development of remediation action plans.
- Experience facilitating vendor IS assessments and performance reviews.
- Proficient in reviewing client contracts for security and data protection clauses, supporting IT Risk responses to clients, and managing client IS reviews and audits.
- Able to manage IT Risk and Compliance projects, ensuring technical excellence and a practical, business-driven approach.
- First-class interpersonal, communication and influencing skills. A self-starter with considerable business acumen, able to work effectively with senior stakeholders to understand the business requirements and ensure business ownership and engagement, in order to deliver sustainable change.
- CISA or CIA, or similar
- GDPR, or similar
- ISO 27001, or similar
This is an interim assignment for an initial 6-month term, to build the team and establish the IT Controls, at which point our client will be hiring a permanent employee to take over the leadership of the function and team. You are welcome to apply for the permanent staff position at that time, if you wish.